ALLENATI CON SICUREZZA

Privacy policy

This Privacy Policy is made, in compliance with articles 13 and 14 of EU Regulation 679/2016 (hereinafter "Regulation"), to users (hereinafter: "Users" or "User") of the website https://www.mantienitinforma.com/ (hereinafter: "Site ") Owned by" MAPA INTERNATIONAL di Matteo Apa "with registered office in Belpasso (CT), via Palmiro Togliatti n. 3, VAT number 10747300969 (who is the Data Controller of personal data, hereinafter: "Data Controller") or to those who subsequently purchase the products offered on the Site or register for the newsletter service (hereinafter: "Newsletter "), Giving us their consent for a specific purpose (hereinafter:" Customers "or" Customer "), and is intended to describe how the Site is managed with reference to the processing of personal data, as well as to allow Users of the Site to know the purposes and methods of processing personal data by the Data Controller in case of their conferment. Where, on the other hand, while browsing the Site, the User and / or the Customer accesses through links to pages or sites managed by third parties, for the processing of personal data, reference must be made to the Privacy Policies published therein.
In particular, this Privacy Policy describes how the Data Controller collects, uses, processes and communicates the User's personal data in case of access to the Site and use of the same and the services provided therein, specifically:

1. Who is the data controller?
2. Principles applicable to the processing of personal data
3. Type of Users
4. What categories of data does the Data Controller collect and use?
5. Why is personal data collected?
6. Who sees, receives and uses the data and where can this be done?
7. Methods of processing and storage of personal data
8. What are your data protection rights and how can they be exercised?
9. Contact details of the Data Controller
10. Information relating to Cookies
11. Update and previous versions of this Privacy Policy

This document also informs the User on how to exercise their rights (including the right of opposition relating to part of the data management carried out by the Data Controller). More information about the rights and how to exercise them are given in the following paragraphs of this Privacy Policy.
As specified in the General Conditions and Terms of Service, the services offered by the Data Controller are aimed at people over the age of 18. Should the Data Controller become aware of the processing of data of minors under 18 years of age without valid consent of the parents or of a legal guardian, it reserves the right to unilaterally interrupt the use of the service offered and to delete the data acquired. .
Terms that are not defined in this Privacy Policy (such as "Service" or "Service Owner") have the same meaning described in the General Conditions and Terms of Service.
 Who is the Data Controller of personal data?
Where the terms "Company", "his / her" or "Data Controller" are present in this Privacy Policy, they are intended to refer to:
"MAPA INTERNATIONAL di Matteo Apa.", A company incorporated under Italian law, registered in the Business Register of the Milan Chamber of Commerce with REA number MB - 2554487, Tax Code / VAT number 10747300969 and having its registered office in Belpasso (CT), via Palmiro togliatti n. 3, which is the owner of the processing of the personal data of Users and / or Customers pursuant to this Privacy Policy.

Principles applicable to the processing of personal data
The Data Controller, pursuant to and for the purposes of the Regulation, announces that the aforementioned legislation provides for the protection of individuals with respect to the processing of personal data, and that such processing will be based on principles of correctness, lawfulness, transparency and protection. privacy and fundamental rights.

What categories of data does the Data Controller collect and use?
If you visit the Site and use the search service or register on the Site itself, the Data Controller collects the following categories of personal data:
4.1. Personal data provided by the User
Personal data shared with the Data Controller, including those shared when registering for the Newsletter to receive marketing communications, as well as those provided to us while using the services, including information entered on the platform and contained in comments, reviews or messages sent by email or through social media channels.
More precisely:
When a contact occurs between the Data Controller and the User and / or Customer by e-mail or through social media, the Data Controller may collect: the personal data provided to us by the User and / or Customer when the same connects with the Data Controller, including name and surname, username (if available), telephone number (if necessary) and e-mail address. In particular, Users have access to a Live Chat system reserved for them which allows them to respond to announcements via chat. However, the messages exchanged between the Users are encrypted and saved in the Data Controller's database, generating a unique encryption key for each message. The encrypted message and the key needed to decrypt the message will then be saved in the database. Furthermore, Users will be able to decide whether or not to receive notifications relating to advertisements via email.
When the User and / or Customer signs up for personalized marketing services ("Newsletter"), the following data may be provided to the Data Controller: personal details (including name, surname and e-mail address), the way in which you access the website, including your IP address, online identifiers and browser details. We may also be provided with browsing behaviors or personal interests. Note that some of this information may be collected automatically in accordance with par. 4.2.
With reference to the particular categories of personal data, it is specified that the Data Controller, where strictly necessary and within the limits and in compliance with the law, will use such data exclusively to fulfill or request the fulfillment of specific obligations or to carry out specific tasks provided for by European Union legislation.
The aforementioned personal data, when requested, are necessary for an adequate execution of the contract between the Data Controller and the User and / or the Customer and to allow the Data Controller to fulfill its legal obligations, except in the case in which the latter depends on the consent of the interested party as a legal basis for the processing and for the legitimate interest of the Data Controller. Without them, the latter may not be able to provide all the required services.
It is important that all personal data provided by the User and / or the Customer are correct and exact. This means, by way of example only, the assurance by the User and / or the Customer that the contact details held by the Data Controller (including the e-mail address) are always correct.
4.2. Personal data collected automatically by the Site, from communications sent by the Data Controller and / or by third parties
The Data Controller collects information relating to visits to the Site and use of the Site, such as the device and browser used, the IP address or domain names of the computers connected to the Site, the addresses in URI notation (Uniform Resource Identifier ) of the requests made, the time of the request, the date and time of the visit, the duration of the visit, the referral site and the navigation path on the Site relating to the visit and interactions on the Site, the method used in submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment and / or by the Customer.
For more information on the purposes for which the Data Controller collects and uses this information, see the paragraph on Cookies of this Privacy Policy (10. Information relating to Cookies). Note that personal information can also be linked to cookies, eg. to collect information on how to use the Site and the services offered there.
The Data Controller could proceed to the automatic collection of some personal data of the User and / or the Customer also to understand how the User and / or the Customer interacts with the communication material sent to him by the same Data Controller, for example e-mail, including the actions performed in relation to the communications themselves, for example clicks on links in the text of the e-mail, the duration and frequency of interactions with the e-mail itself. 
To the extent permitted by applicable law, the automatic collection of the User's and / or Customer's personal data may also take place in the event that the Data Controller receives additional information relating to the User and / or the Customer such as tracking information. fraud and warnings from third party service providers and / or partners for its fraud prevention activities.
5. Why is personal data collected?
In general terms, the Data Controller uses personal data to provide the services requested by the User and / or the Customer, send service communications, report important changes to the Site and possibly propose content and advertisements that the Data Controller believes can be of interest to the User and / or the Customer.
More precisely, the personal data provided by Users through the use of the Site will be processed with their consent, for the purposes described below:
Provision of services accessible through the Site:

In order to provide some services such as:
create and maintain the contractual relationship established for the supply of the product and / or service requested at each stage and through any possible integration and / or modification requested by the User and / or the Customer;
in-depth study of the activities, events and other initiatives, institutional and training, organized or carried out by the Data Controller;
management and processing, in relation to what is indicated in the previous point, of questions and requests for interaction with the Data Controller and the subjects related to the latter's organization.

On what legal basis?
To fulfill a contract or for the execution of a service or measures related to a contract and / or a service (or to provide the requested services, and / or to provide the User with assistance)

B. Compliance with legal, regulatory and compliance requirements
To meet legal, regulatory and compliance requirements and to respond to requests from government or law enforcement authorities that are conducting an investigation.
On what legal basis?
To comply with the law (i.e. to share personal data with regulatory authorities)

C. Integrative and behavioral statistical analyzes
To carry out aggregative statistical analysis on anonymous groups or to analyze the behavior of identifiable subjects, in order to be able to see how the Site, the services provided therein are used and verify the performance of the related activity. 
On what legal basis?
To pursue the legitimate interests of the Data Controller (or to improve the Site, its functions and the services offered therein)

D. Sending personalized and profiled marketing communications
To send personalized and profiled marketing communications exclusively with the consent of the User and / or the Customer, as well as to share the best offers and promotions on products via e-mail and on the Site or on third party sites (eg through advertisements) and services that the Data Controller deems may be interesting as they respond to the interests of the User and / or the Customer. The customized services or offers can be marketed by the Data Controller or by its partners or by commercial collaborators operating in the following sectors: tourism, leisure, entertainment, high-tech, fashion, decoration, consumer goods, food & beverage, finance , banks, insurance, energy, environment, communication, mass media, real estate, pharmaceuticals, clothing and textiles, education and training, publications and publishing, information and communication technologies, retail, sports, telecommunications and services in general. For this purpose, the Data Controller could:
- analyze the personal data collected to create a profile of the interests and preferences of the User and / or the Customer, in order to create personalized and targeted communications that are relevant and consistent with the User and / or Customer profile;
- combine the information collected through cookies with information relating to purchases made on the Site and with information that the Data Controller may receive from third parties, who collect User and / or Customer data in a manner agreed with the same.
- analyze information on the interaction with the communication material sent by the Data Controller, for example data on the time of opening of the e-mails or to determine if the advertisements have been seen and if there has been interaction with them, for record the number of times each listing has been viewed, to prevent a single listing from being shown too frequently, etc.
- temporarily share an encrypted version of the User's and / or Customer's e-mail address with partners scrupulously selected by the Data Controller, who can combine this information with other forms of online identifiers or with other personal data in order to show to the same User and / or Customer the offers of the Data Controller on multiple devices or channels, for example on social networks (Facebook, Pinterest, Instagram, Twitter).
- use automated decision-making processes to segment and target product offers based on the requests and needs of the User and / or the Customer, reducing the risk of proposing inappropriate or irrelevant information and / or offers to the same. The User and / or Customer has the right to request that a manual decision-making process be carried out, to express their opinion or to contest decisions based solely on automated processing, including profiling, if such decisions produce legal or other similar effects. For further details, you can contact our data protection officer, whose contacts are provided in Article 9 of this Privacy Policy.
On what legal basis?
Where the User and / or the Customer gives his consent

E. Security of the Site and of the systems used by the Data Controller
To maintain the security of the Site and the systems used by the Data Controller for the provision of the Services and to prevent and identify any fraud, security incidents and / or other crimes.
On what legal basis?
To pursue the legitimate interest of the Data Controller (or to ensure the security of the Site and systems)

F. Verification of compliance and legal actions
To verify compliance with the General Conditions and Terms of Service and for the assessment, exercise or defense of a right in court.
On what legal basis?
To pursue the legitimate interests of the Data Controller (ie in accordance with the General Conditions and Terms of Service, to protect the rights of the Data Controller in the event of disputes or complaints)

G. Personalization of advertisements and online marketing notifications
To adapt and personalize advertisements and online marketing notifications based on the information collected through cookies and relating to the use that the User and / or the Customer makes of the Site, the products and services provided therein as well as other sites (for further information, please refer to the paragraph on cookies of this Privacy Policy).
On what legal basis?
Where the User and / or the Customer gives their consent (ie through the Cookie banner or through the browser settings)

Who sees, receives and uses the data and where can this be done?
6.1. Categories of data recipients
The Data Controller shares personal data, for the purposes described in this Privacy Policy, with the following categories of recipients:
its employees and / or authorized collaborators who provide assistance and consultancy services in the administration, product, legal consultancy, IT systems areas, as well as to the personnel in charge of maintenance of the network and hardware and software equipment of the Data Controller;
the competent authorities, if required by the regulations in force;
the competent authorities and third-party authorities in charge of law enforcement, if this is necessary in order to enforce the General Conditions and Terms of Service as well as protect and defend the rights or property of the Data Controller or the rights and property of third parties ;
third parties who receive the data (for example, business consultants, professionals in the provision of due diligence services in tax matters, or who estimate the value and capabilities of the business), if necessary in relation to '' activity or assets of the Data Controller (eventuality in which the data will be communicated to the consultants of the Data Controller and to the consultants of any potential buyer and will be transferred to the new owners).
the personal data collected may also be processed by subjects or categories of subjects who act as data processors pursuant to art. 28 of the Regulation or who are authorized to process data pursuant to art. 29 of the Regulations;
in addition, for some services, the data may be disclosed to companies that collaborate or use the services of the Data Controller with the sole intention of providing the services requested by the User. In these cases the companies are independent data controllers, therefore the Data Controller is not responsible for the data processing by them. Furthermore, the Data Controller is not responsible for the contents and compliance with the legislation on the protection of personal data by sites not managed by the same.
The complete list of subjects to whom personal data may be disclosed is available at the registered office of the Data Controller and can be requested by writing to info@mantienitinforma.com.
6.2. Transfer of data
The processing of the User's personal data will take place at the registered office of the Data Controller (see point 1), on the servers of the Data Controller itself and in the offices of any other subjects to whom the data may be transmitted in order to provide the services. requested by the User from the Data Controller.
Furthermore, personal data collected through the Site may be transferred outside the national territory, solely and exclusively for the execution of the services requested through the Site and in compliance with the specific provisions of the Regulations.
Some personal data may be shared with recipients located outside the European Economic Area. The Data Controller ensures that the processing of personal data by these recipients will take place in compliance with the Regulations.
However, if the User wishes for further details relating to the safeguard measures put in place, it is possible to contact the Data Controller by writing to info@mantienitinforma.com.

7. Methods of processing and storage of personal data

The Data Controller ensures that personal data will be processed in full compliance with the Regulation, using manual, computerized or telematic systems and, where necessary, in paper format and will be stored in the Data Controller's database, protecting the privacy and rights of the User. and / or the Customer through the adoption of adequate technical and organizational measures to ensure a level of security appropriate to the risk. The processing can also be carried out through automated tools designed to store, manage and transmit the data.
The data collected and processed will be protected with physical and logical methods such as to minimize the risks of unauthorized access, dissemination, loss and destruction of data, pursuant to art. 25 and 32 of the Regulation.
Pursuant to art. 7 paragraph 3 of the Regulations, the interested party has the right to obtain the revocation of the consent to the processing at any time.
If a request for cancellation is not received by the Data Controller, the personal data will be kept by the latter for as long as necessary to achieve the purposes and perform the activities described in this Privacy Policy, or as otherwise communicated to the User and / or to the Customer, or for the time allowed by applicable law.
Further information on the retention period of personal data by the Data Controller is available below:

Data relating to purchases made on the Site (name and surname, address, contact information, etc.) - Retention terms: 10 years from the date of purchase;

Contractual documents - Retention terms: 10 years from the date of purchase;

Unencrypted credit card data - Retention terms: not stored;

Financial / transaction-related information - Retention terms: 10 years from the completion of the financial transaction;

Data relating to checks for the detection of fraudulent transactions (anti-fraud) - Retention terms: 5 years from the rejection of the transaction;

Data used for marketing purposes (data subject to the consent of the User and / or the Customer and used for marketing activities towards them) - Retention period: 5 years starting from the granting or renewal of the consent by the User and / or Customer through interaction with marketing communications.

With regard to personal data collected through tags, the following retention terms apply:

Technical cookies - Storage term: maximum 3 years, starting from the date of navigation on the Site;
Non-technical cookies - Retention period: maximum 1 year, starting from the date of consent of the interested party.

8. What are your data protection rights and how can they be exercised?

It is possible to exercise the rights guaranteed by the Regulation (articles 15-22), including the rights to:
Right of access: receive confirmation of the existence of personal data, access their content and obtain a copy.

Right of rectification: to update, rectify and / or correct personal data.

Right to cancellation / right to be forgotten and right to limitation: request the deletion of data or the limitation of data that have been processed in violation of the law, including those that do not need to be archived for the purposes for which the data were collected or processed; if we have made personal data public, the User also has the right to request the cancellation of personal data and the adoption of reasonable measures, including technical ones, to inform the other data controllers who are processing the personal data of the request to cancel any link, copy or reproduction of such personal data.

Right to data portability: to receive in a structured format, commonly used and readable by automatic device, a copy of the personal data provided to the Data Controller for the purposes of a contract or with the consent of the User and to request the transfer of such personal data to another data controller.

Right to withdraw consent: in the event that the Data Controller depends on the User's consent, the latter will always have the possibility to withdraw this consent, although the Data Controller may have other legal bases for the processing of the aforementioned data for other purposes.

Right to object, at any time: the right to object at any time to the processing of personal data in certain circumstances (in particular in cases where it is not necessary to process the data to meet contractual or legal requirements, or if the Company uses such data to direct marketing activities.

Right not to be subjected to a decision based solely on automated processing, including profiling: it is always possible to request that a manual decision-making process be carried out, express one's opinion or contest decisions based solely on automated processing, including profiling, if such decisions produce legal or other similar effects.

You can exercise these rights at any time in the following ways:
by contacting the Data Controller by e-mail at info@mantienitinforma.com.
Rights relating to personal data may be limited in some situations. For example, in the event that satisfying this request reveals the personal data of another person or if there are legal requirements or compelling legitimate reasons, the Data Controller may continue the processing of personal data for which the cancellation was requested.
You also have the right to make a complaint if you believe that your personal information has been handled incorrectly. The User is invited to first contact the Data Controller, but it is his right, to the extent that this right applies to his case, to lodge a complaint directly with the supervisory authority responsible for data protection.

9. Contact details of the Data Controller
The contact details of the Data Controller referred to above are:
"MAPA INTERNATIONAL di Matteo Apa", a company incorporated under Italian law, registered in the Business Register of the Milan Chamber of Commerce with REA number MB - 2554487, C.F. / VAT number 10747300969 and having its registered office in Belpasso (CT), via Palmiro Togliatti 3.

10. Information relating to cookies
For any information relating to cookies visit the following page.

11. Update and previous versions of this Privacy Policy

This Privacy Policy may undergo changes over time - also related to the possible entry into force of new sector regulations, the updating or provision of new services or technological innovations. Therefore, the Data Controller reserves the right to modify this Privacy Policy at any time in accordance with this paragraph. If the Data Controller makes changes to this Privacy Policy, he will publish the revised Privacy Policy on the Site and will insert the "last updated" date at the beginning of this Privacy Policy.